Data Security

Data security refers to keeping data safe from various threats through functions like preventing unauthorized access, data corruption or loss, and disclosure of private information. The Data Protection Act of 1984 was passed to regulate the use of personal data and give individuals rights over their data, such as access and correction. Key measures to ensure data security include data encryption, use of firewalls, usernames and passwords, and restricting physical access to computer installations.

Uploaded by

munashe francis

Data security

Data security refers to keeping data safe from various hazards or dangers like natural hazards, deliberate
corruption or destruction of software and hardware by malicious or terrorist acts, illegal access to data
by hackers/crackers (people who break into the system) and accidental destruction by hardware or
software failure or operator’s error.

Functions of data security/ data security functions

To prevent loss of data files

To secure data from accidental or deliberate corruption or modification (data integrity)

To prevent data from accidental or deliberate disclosure to unauthorized individuals.

To protect the rights of individuals and organizations by restricting access to information which relates
to them and is of private nature to those entitled or authorized to receive it (data privacy).

Data Protection Act 1984

The act was passed to prevent the misuse of personal data (on employees, customers, potential
customers and others) and to prevent it causing harm to individuals. The Data Protection Act 1984 has
clauses to ensure that:
1. Personal data must be obtained legally and fairly, and processed fairly and lawfully.
2. Personal data may only be held for one or more specified and lawful purposes.
3. The data must be accurate and (where necessary) kept up to date.
4. An individual is entitled to examine data held about him/her and have it corrected where necessary,
or have such data erased.
5. Personal data must not be used or disclosed in any manner incompatible with the original purpose of
its collection.
6. Personal data must be adequate, relevant and not excessive in relation to that purpose.
7. It must not be kept for longer than is necessary.
8. Any data user must inform individuals that it holds information on them, and must do so at
reasonable intervals and without overcharging for the service.
9. Appropriate security measures shall be taken against unauthorized access, alteration, disclosure or
destruction of personal data, and against accidental loss or destruction of personal data.
10. Individuals on whom data is held are data subjects. The act gives these individuals the right of
access to the information, the right to challenge inaccurate information and the right to be
compensated if they suffer harm.

Some exceptions to the right to receive compensation:
- where data has been supplied by the individual
- where data has been acquired with reasonable care
- data held for statistical purposes, from which it is impossible to identify individuals

Note: The main danger with computerized data is that a large volume of data can be sent anywhere in
the world at very high speed and at little cost, whereas it would be so time consuming and expensive to
photocopy and post manual files of information to other organizations (this is unlikely to happen).
Therefore, there is no need for similar legislation for non-computerized data.

Measures to ensure data security

Data encryption.

1. Data encryption refers to the process of scrambling or hiding the substance of information so
that it cannot be understood without the key necessary to change it back to its original form.
Data encryption refers to the process of scrambling or hiding the substance of information so
that it cannot be understood until it is decrypted or deciphered to change it back to its original
form.
2. Data encryption refers to any process used in cryptography to convert plaintext into cipher text
in order to prevent anyone except the intended recipient(s) from reading the data. There are
many types of data encryption; they are the basis of network security. Common types include
Data Encryption Standard and public key encryption.
3. Encryption is the process of transforming a message in ordinary language i.e. plain text to
produce cipher text which is then sent along a communications link/line. The receiving
computer uses another transformation code to decode/decrypt the message.
4. Encryption is the process of disguising a message or data in such a way as to hide its substance
(meaning).

Data encryption/decryption: data is coded before transmission over a WAN and is decrypted at the
receiving end only if you have the key and code to decrypt it.

Encryption provides a last line of defense against unauthorized use of data. If data is encrypted,
unauthorized users obtain only scrambled gibberish instead of meaningful information.

Decryption refers to the process of converting encrypted content back into its original form i.e. the
process of converting cipher text to plain text. Cipher text refers to the unreadable characters (content)
that plain text is converted into for security.

Use of Firewall

Firewall refers to software designed to prevent unauthorized access to a PC or network through a
connection to the internet.

Firewall is a security system that acts as a protective boundary between a PC or network (intranet) and
the outside world.

Internet Connection Firewall (ICF) is firewall software that is used to set restrictions on what information
is communicated between your home or small office network and the internet, in both directions.

A firewall is a system of hardware and software that blocks unauthorized users inside and outside the
organization from entering the intranet.

The firewall works by monitoring all data sent to and from the PC and comparing the data with the set of
user-defined security criteria. Any data that does not meet those criteria is blocked. Firewalls also
process encrypted data and verify the validity of the user. Users would require access to the firewall
before they can transmit data.

The latest firewalls also have the ability to detect virus software in packets of data sent through the
network. A firewall disallows data transmission if it detects strains of virus in the data being transmitted.

Security is essential to an intranet. A firewall consists of two parts: a choke and a gate.
The choke forces all data packets flowing between the internet and the intranet to pass through the
gate.
The gate regulates the flow between the two networks. It identifies authorized users, searches for
viruses, and implements other security measures.
Thus intranet users can gain access to the internet (including key sites connected by hyperlinks) but
outside internet users cannot enter the intranet.

Photonics is the science of sending data bits by means of light pulses carried on hair-thin glass fibres.
Wave division multiplexing/dense wavelength division multiplexing allows laser pulses of different hues
to be sent down the same tiny fibre.

There are three methods of personal identification: something a person carries, something a person
knows, or some unique physical traits. Any one of these methods has the potential to positively identify
a person, and each has a unique set of advantages and disadvantages.

Use of Usernames and passwords

• A password is a string of characters that must be provided before a logon name or an access is
authorized.
• A password is a security measure used to restrict logon names to user accounts and access to
computer systems and resources.
• Passwords restrict access to the data or computer rooms to authorized personnel/users only.
Passwords bring in an aspect of accountability: if a file is deleted, the person with the
password will be reported as the culprit through logging.
• Passwords are widely used by companies to protect their equipment and data but can be
forgotten. A password can be made up of letters, numbers and symbols, and it is case sensitive.
• Password cracking software uses one of the three approaches:
  o Intelligent guessing: this refers to dictionary attacks (a brute force method of trying every
  word in an electronic dictionary) and automation that tries every possible combination of
  characters. Nevertheless, the success of this method decreases if a password is based on two
  words, a word and a number, or a nonsense word that does not appear in a dictionary. Given
  enough time, the automated method can crack any password even though it can still take
  months to crack a strong password.
• Encrypted passwords: an encrypted password is a password that is scrambled. Encrypted
passwords are more secure than plaintext passwords, which are susceptible to network sniffers.
• Protecting your password: to ensure security, passwords must be used carefully.

Recommendations that help protect your password:
• Never write down your password, especially in obvious places.
• Never share your password with anyone.
• Never use your network logon password for another purpose.
• Use different passwords for your network logon and the administrator account on your
computer, and don't choose obvious passwords, for hackers can break in.
• Strong passwords may contain at least seven characters from all the groups (letters, numbers,
and symbols), with one symbol character in the 2nd through 6th position.
• The password should be significantly different from prior passwords.
• The password must not contain your name or username or a common word or name.
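
The strong-password recommendations above can be checked mechanically when a password is set. The following Python checker is an added example, not part of the original notes; the function name `check_password`, the sample word list and the 0.6 similarity threshold used for "significantly different" are assumptions.

```python
import string
from difflib import SequenceMatcher

# Constructed sample list standing in for "a common word or name" (assumption).
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein"}


def check_password(password, username, full_name, previous=(), max_similarity=0.6):
    """Return the list of rules the password breaks; an empty list means it passes.

    `previous` holds earlier passwords to compare against (assumption: they are
    available at change time, e.g. the old password the user has just typed).
    """
    problems = []
    lowered = password.lower()
    if len(password) < 7:
        problems.append("shorter than seven characters")
    # Characters from all three groups: letters, numbers and symbols.
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    # Positions 2 through 6 are string indexes 1..5.
    if not any(c in string.punctuation for c in password[1:6]):
        problems.append("no symbol in positions 2-6")
    # Must not contain the username or any part of the user's name.
    personal = [username] + full_name.split()
    if any(p and p.lower() in lowered for p in personal):
        problems.append("contains name or username")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common word")
    # "Significantly different" is approximated by a similarity ratio.
    for old in previous:
        if SequenceMatcher(None, lowered, old.lower()).ratio() > max_similarity:
            problems.append("too similar to a prior password")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("tr!7Kq2x", "janedoe1", "Xk9vT2m#"):
        print(candidate, check_password(candidate, "jdoe", "Jane Doe"))
```
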

Authorized entry to computer installations

• Most installations have card readers, voice recognition systems or keypads that prohibit
entry to unauthorized personnel. Apart from access codes and other methods, lock and
key is also used to restrict entry into computer installations.
• Backing up files on external disks periodically. The backup copies of the files must be
kept in a different location, and about 3 generations of backup should be made.
• Saving work frequently.
• Avoiding viruses.
• Installing fire alarms.
• Lining computer rooms with fire resistant material.
• Placing the computer room in upper rooms of the building to avoid floods and reduce
burglaries.
• Having a security guard 24 hours a day.

Biometrics

• Biometrics refers to the biological measurements, such as fingerprinting, that are used
in the context of computers to verify a person's identity.
• Biometrics is the technology of authenticating a person's identity by verifying a
personal characteristic.
• Biometric devices grant users access to programs, systems, or rooms by analyzing
some physiological (related to physical or chemical activities in the body) or behavioral
characteristics, which include fingerprints, hand geometry, facial features, voice,
signatures and eye patterns (the patterns of blood vessels in the retina of the eye).
• A fingerprint scanner (the most widely used biometric device) is a biometric device that
captures curves and indentations of a fingerprint and compares them with those of a
stored image.

Biometric device

A biometric device authenticates a person's identity by translating a personal characteristic (e.g.
fingerprint) into a digital code that is then compared with a digital code stored in the computer, verifying
a physical or behavioral characteristic.

If the digital code in the computer does not match the personal characteristic code, the computer
denies access to the individual.
• Biometric devices grant access to computers, programs, or rooms using computer analysis of some
biometric identifier.
• Examples of biometric devices and systems (technologies) include fingerprint scanners, hand
geometry systems, face recognition systems, voice verification systems, signature verification
systems, iris recognition systems and retinal scanners.

Advantage

• Biometric data can't be lost, forgotten or borrowed.
• Some biometric technologies are cheap and can confirm your identity in less than two seconds,
even from a pool of thousands of employees. Fingerprint scanners cost less than $200.

User access rights are rules that limit the directories and files that each user can access. When creating
the user accounts on the computer system or network, the system administrator gives the computer
users rights that allow them to access only certain directories and files. Granting users only the rights
they need helps prevent both accidental and deliberate damage to data. If users are granted limited
rights, a hacker/cracker who steals someone's password has only those rights granted to the person
from whom the password was stolen. Hackers occasionally gain unauthorized access to computer
systems through a trap door. A trap door is a special set of instructions that allows a user to bypass the
normal security precautions and enter the system. Trap doors are often created during the development
of a new system to provide the system administrators with easy access to the computer for installation
and testing. All trap doors should be removed before the system becomes operational; if not removed, a
trap door becomes a possible means of entry for any hacker/cracker who discovers it.

Technical control: security dial-back devices can eliminate the problem of access by hackers/crackers
and former employees. Dial-back systems prevent unauthorized outsiders from breaking into a
company's information system through microcomputers and phone lines. When someone dials the
computer by touch-tone phone and gives a password when requested by the computer, the computer
disconnects the caller, checks its files and dials back the authorized telephone number indicated by the
password in the files. If the call came from an unauthorized number, the computer dials the authorized
location and warns the user that there has been an attempt to use that password.
